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Abstract 

Permutation polynomials over finite fields constitute an active research area and have applica¬ 
tions in many areas of science and engineering. In this paper, four classes of monomial complete 
permutation polynomials and one class of trinomial complete permutation polynomials are pre¬ 
sented, one of which confirms a conjecture proposed by Wu et al. (Sci. China Math., 2015, 58, pp. 
2081-2094). Furthermore, we give two classes of permutation trinomial, and make some progress 
on a conjecture about the differential uniformity of power permutation polynomials proposed by 
Blondeau et al. (Int. J. Inf. Coding Theory, 2010, 1, pp. 149-170). 
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1 Introduction 

Let Fpn be a finite field with p” elements, where p is a prime and n is a positive integer. A polynomial 
f{x) e Fpn[a;] is called a permutation polynomial (PP) if the associated mapping f : c f{c) from 
Fpri to itself is a bijection. PPs have been intensively studied in recent years due to their important 
applications in cryptography, coding theory and combinatorial design theory (see [TlEKIIKIllEo] and 
the references therein). For instance. Ding et al. [7] constructed a family of skew Hadamard difference 
sets via the Dickson PP of order five, which disproved the longstanding conjecture on skew Hadamard 
difference sets. Some recent progress on PPs can be found in [U EJ EJ EJ EJ El El El El ESI ESI EZ] . 

A polynomial f{x) € Fpn[a:] is called a complete permutation polynomial (CPP) if both f{x) and 
f{x) + x are permutations of Fpn. These polynomials were introduced by Niederreiter and Robinson in 
|18j . The simplest polynomials are monomials, and for a positive integer d and a G F*n, the monomial 
ax'^ over ¥pn is a CPP if and only if gcd((i, q — l) = l and ax^ -|- x is a PP. We call such an integer d a 
CPP exponent over Fpn. Recently, Charpin and Kyureghyan [3| proved that 2^ -|- 2 is a CPP exponent 
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over ¥ 22 k for odd k. In [22], a class of CPP exponents over F 2 n of Niho type was given. Two new 
classes of CPP exponents and a multinomial CPPs were proposed in [24|. Further results about CPPs 
can be found in [JT] [23l [28] . 

In this paper, we construct four classes of monomial CPPs, one class of trinomial CPPs and two 
classes of permutation trinomials as follows: 

1. Let p be an odd prime, r + 1 = p and d = pk_i + 1- Then a~ x is a CPP over ¥prk, where 

a G such that = — 1 . 

pVK 

2. Let n = 6k, where A; is a positive integer with gcd(A:, 3) = 1. Then d = + 2^^“^ is a 

CPP exponent over F 2 ™. To be specific, a~^x^ is a CPP over F 2 n, where a G <t < 

22^ + 2^^=, 3 ft}. 

3. Let n = 4fc. Then d = (1 + 2^^“^)(1 + 2^^) + 1 is a CPP exponent over F 2 ". To be specific, if a 
is a non-cubic element of F* 2 fe, then a~^x'^ is a CPP over ¥ 2 ^. 

4. Let p be an odd prime and n = 4/c. Then d = ^ + p^^ is a CPP exponent over Fpn. To be 

2fc 

specific, is a CPP over F^n, where a G : 0 < t < 

5. For any odd prime p, f{x) = —x + x 2 + x 2 p is a CPP over FpSm. 

6 . Let m > 1 be an odd integer, and write k = Then for each u G F^m, f{x) = x + 

^- 13 , 2 '“-! _|_ y 2 '= ^ 2 . 2 '=+! -g ^ pp 

7. Let m > 1 be an odd integer such that m = 2k —1. Then f{x) = x-\-ux'^’‘~^+ u'^’^,u G 
F^m, is a PP over F 2 m. 

The first class is a conjecture made by Wu et al. [24|, and our main technique is using the AGW 
Criterion [T]. By using the additive characters over the underlying hnite helds [ 2 T], we give three 
other new classes (Class 2-Class 4) of monomial CPPs over finite fields. Classes 5, 6 and 7 are explicit 
constructions of PPs and CPPs through the study of the number of solutions of special equations 

0 71 - 

Functions with a low differential uniformity are interesting from the viewpoint of cryptography 
as they provide good resistance to differential attack. In |3], the authors considered the differential 
properties of power functions and proposed the following conjecture. 

Conjecture 1. [3| Let n = 2m with m odd. Let \ x ^ x^ he the power PPs over F 2 ™ defined by 
the following values of d: 

( 1 ) d = 2 "^ + 2 (”^+ i )/2 + 1 , 

(2) d = 2^+^ + 3. 

Then, for these values of d, is differentially 8-uniform and all values 0,2,4, 6,8 appear in its 
differential spectrum. 
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To determine the exact value of differential uniformity is a difficult problem. In this paper, we make 
some progress towards Conjecture [U and prove that the differential uniformities of these polynomials 
are at most 10. 

This paper is organized as follows. In Section [21 we introduce some basic notations and related 
results. In Section[3l four classes of monomial CPPs are given. In Section^ we give a class of trinomial 
CPPs. Two classes of PPs are presented in Section [5l Section [6] investigates the differential properties 
of monomial PPs. Section [7] concludes the paper. 

2 Preliminaries 

The following notations are fixed throughout this paper. 

• Let p be a prime, n be an integer, and Fpn be the hnite held of order 

• Let Tr” : i—>• F^r- be the trace mapping dehned by 

Tt^{x) = x + xP^ + + • • • + 

where r|n. For r = 1, we get the absolute trace function mapping onto the prime held Fp, which 
is denoted by Tr„. 

• Let N” : F^n i—)■ Fpr be the norm mapping dehned by 

N^{x) = xxP^xP"^ ■■■xP"~\ 

where r|n. For r = 1, we get the absolute norm function mapping onto the prime held Fp, which 
is denoted by N„. 

• Let Cp = exp(27r\/—1/p) be a p-th root of unity, and Xn{x) = be the canonical additive 

character on Fpn. 

We hrst recall a criterion for PPs which can be given by using additive characters over the under¬ 
lying hnite held. 

Lemma 2.1. [T7] A mapping f : Fpn i-)- Fpn is a PP if and only if for every a G F*™, 

X] Xn{af{x)) = 0. 

Let n, r, k be integers such that n = rk. For any a G Fpn, let a* = where 0 < z < r — I. Dehne 

r—1 

ha{x) = X JJ(X -t- Oi). 
i=0 

Then we have the following lemma. 
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Lemma 2.2. [23] Let n = rk, and d = ^pk_i + 1- Then x'^ + ax G Fpn[x] is a PP over if and only 
if ha{x) G Fpfc[a:] is a PP overFpk. 

The following lemmas will also be needed in the following sections. 

Lemma 2.3. [T](AGW Criterion) Let A, S and S be finite sets with ffS = ffS, and let f ■. A ^ A, 
h : S ^ S, X : A ^ S, and X : A ^ S be maps such that X o f = h o X. If both X and X are surjective, 
then the following statements are equivalent: 

1. f is bijective; 

2. h is bijective from S to S and f is injective on A“^(s) for each s £ S. 

Lemma 2.4. [T7] Let p be an odd prime, and let m, k be positive integers such that is odd. 

Then x^ + x is a permutation on F^m. 

Lemma 2.5. [17] An irreducible polynomial over Fg of degree n remains irreducible over F^^ if and 
only if gcd{k,n) = 1. 

3 Four classes of monomial CPPs 

3.1 The first class of monomial CPPs 

In this subsection, we will prove the conjecture of Wu et al. [23|. Before proving it, we establish the 
following useful lemma. 

Lemma 3.1. Let p be an odd prime and k he a positive integer. Then f{x) = x{x‘^ — c)^~ is a PP 
over Fpfe, where c is a non-square element in F^k. 

Proof. We first show that x = 0 is the only solution to f{x) = 0. If f{x) = 0, then x = 0 or 
(x^ — = 0. If (x^ — = 0, then c = x^, which leads to a contradiction since c is a non-square 

element. Therefore /(x) = 0 if and only if x = 0. 

Next, we prove that /(x) = a has a unique nonzero solution for each nonzero a G F^fc. Let 
A(x) = x^ — c, A(x) = x^ and h{x) = {x c)x^“^. Then it is easy to see that the following diagram 
commutes: 

F\ A A(F%) 

pro \ pft. / 

if ih 

F\ A A(F\). 

By Lemma 12.31 it suffices to prove that h is bijective and / is injective on A“^(s) for each s G A(F*j,). 
Since for each s G A(F*j,), A“^(s) = {±(c -|- s) 2 }, and /((c -|- 5 ) 2 ) ^ /(—(c -|- 5 ) 2 ), it implies that / is 
injective on A“^(s) for each s G A(F*j,). 


4 




In the following, we will verify that h is bijective. Since ^A(F*j,) = 7 ^A(F*j,), we only need to show 
that h is injective. For any b € A(F*s,), 6 is a square element in F*j,. We assume 

xP + cxP-^ = h ( 1 ) 


has at least two distinct solutions. Setting ?/ = y, the equation 


y 


p 



( 2 ) 


has at least two distinct solutions. Assume yi, y 2 are two distinct solutions of Eq. ([2|). Then yi — y 2 
is a root of yP — ^y = 0, and so must be a root of yP~^ — ^ = 0. It follows that ^ = yQ~^ for some 
yo G Fpfc, which is impossible since ^ is a non-square element in F^fc. Hence Eq. dH) has at most one 
solution in A(F*fe). Therefore, h{x) is bijective. This completes the proof. □ 

Now we can prove the following result, which is a conjecture made by Wu et al. |24j . 

Theorem 3.2 ([23] Conjecture 4.20). Let p be an odd prime, r + 1 = p and d = ^pkZi + 1- Then 
a~^x^ is a CPP over¥prk, where a G F*^*, such that aP'‘~^ = —1. 

Proof. Since gcd(p’’^ — 1, d) = 1, the monomial x'^ is a PP over F^r/c. 

Note that aP'‘~^ = —1. Then aP*‘ = —a and {a‘^)P'‘~^ = 1. By Lemma 12.21 to prove the conjecture 

p— 1 

we only need to show that ha{x) = x{x‘^ — a?)^~ is a PP over F^/c for any k. Let c = G F^fe. Then 
c is a non-square element in F^fc since a 0 F^*;. Hence the result follows from Lemma 13.11 □ 


3.2 The second class of CPPs 

In this subsection, let p = 2 and n = 6k for some integer k satisfying gcd(A;, 3 ) = 1 , and w be a fixed 
primitive element of F26fe. We will show that d = -|- 2 ^^“^ is a CPP exponent over F26i;. We 

define the following set 

S:={a;*( 2 "'-l)| 0 <^< 22 ^ + 2 ^^ 3 ft}. ( 3 ) 

Lemma 3 . 3 . For each a G S, Tr2^(a) 7^ 1 . 

Proof. If a G S'fj®’22'=! then Ti^kiO') = a / 1 - So we assume that a G 5\F22fc below. 

Since 3 |( 2 ^^ — 1 ), there exists b G F26fc\F22fe such that b^ = a. We observe that N2^(a) 
definition of S', so rj := N2fc(6) G F|. Here, p 7^ 1 , again by the definition of S. 

Let B{x) = x'^ + Bix^ + B2X + B^ G ¥22k [x] be the minimal polynomial of b over F22fc. 
is irreducible over ¥22k, Bi = Tr2^(6) and H3 = ip We can directly verify that 

Tr“(a) = Tr“( 63 ) = Bf + B,B2 + B^. ( 4 ) 


= 1 by the 
Then B{x) 
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If Bi = 0, then = t] ^ 1, and the claim follows. We assume that Bi ^ 0 below. Assume 

to the contrary that Tr 2 ^(a) = 1. Then Eq. Q gives that B 2 = —and we have 


B{x) = + Bix^ + B 2 X + i ?3 

o 2 

= x^ + Bix^ H-+ -^3 

n>i 

= {rjx + Bi){rf‘x^ + Bix + 

Bi 

contradicting to the fact that B{x) is irreducible over F 22 i;. This completes the proof. □ 


Lemma 3.4. Fix an integer k with gcd(A:,3) = 1. Suppose n = 6k and d = 2^^ ^ Ifv&S, 

then 

^ X6k{x'^ + vx) = 0. 
a:eF 26 fc 

Proof. Let a be a primitive element of Fg with + a + 1 = 0. Since gcd(/c, 3) = 1, we have F 26 fc = 
F 22 fc(a). For any x G F 26 i;, it can be expressed as 

x = xq + xia + X 2 a^, 


where xq,xi,X 2 G F 22 fe. 

Since gcd(A:,3) = 1, we first consider the case k = 1 (mod 3), in which a? = a^. The first 
step is to compute a direct representation of Tr„(x'^) as a function of xo,xi and X 2 . Note that 
Tr 2 ^(a) = Tr 2 ^(a^) = 0 and Tr 2 ^(l) = 1 . A routine computation shows that 

Tr6fc(a;'^) = Tr2fc(a;o + X 1 +X 2 + X 1 X 2 ). 


Next, putting 


with vq,vi,V 2 G F 22 fe, we find that 


n = no + Via + ^20^ 


Tr6fc(nx) = Tr2fc(noXo + ^1X2 + ^2X1). 


Consequently, 

X6k{x'^ + vx)= ^ X2fc(a;i + 3:2 + a;ia;2 + ^ X2fc(a;o + ■Woa^o)- 

xGF^Stc Xl,X2e¥22k xo€V.22k 

From Lemma [331 we get no / 1. Therefore, X6k{x'^ + vx) = 0. 

For the remaining case k = 2 (mod 3), a similar discussion leads to X6fc(3;'^ + nx) = 0. □ 
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Theorem 3.5. Let n = 6k, where k is a positive integer with gcd(/c, 3) = 1. Then d = + 2^^“^ 

is a CPP exponent over ¥ 2 ^- To he specific, if a € S with S defined as in ([3|), then a~^x^ is a CPP 
over F 2 ". 

Proof. Since gcd(d, 2®^ — 1) = 1, we have is a PP over F 26 fc. In what follows we prove that + ax 
is also a PP over F 26 fc. We only need to prove that for each a £ 

^ X6k{a{x‘^ + ax)) = 0, 

where a £ S. Since gcd((i, 2 ®^ — 1 ) = 1 , each nonzero a £ F^efe can be written as a = for a unique 
fi £ F* 6 j. , and we have 

X6kia{x'^ + ax)) = ^ X6fc((/3x)'^+ /3'^"^a/3x) 

xeF^efc 

= X6k{x‘^ + /3‘^~^ax) 

xeFjBfe 

Since ^+ 2 '^^ ^~^a £ S, it follows from Lemma 13.41 that for each a £ F*gfc, we have 

^ XQkioiix^^+ ax)) = 6. 

This completes the proof. □ 

3.3 The third class of monomial CPPs 

In this subsection, let p = 2 and n = Ak. We will use an analysis similar to that of the previous 
subsection to show that d = {1 + 2^^“^)(1 + 2^^) + 1 is a CPP exponent over F 24 fc. 

Lemma 3.6. If v is a non-cubic element o/F* 2 fc, then 

Proof. Using polar coordinate representation, every nonzero element x of F 24 fc can be uniquely repre¬ 
sented as X = yz with y £U and z £ F* 2 fe, where U = {X £ F 24 i: = 1}. Then 

3:GF24fc 
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+ vyz) 


= i + E E 

yGf/2GF*2^ 

= -2^^ + ^ ^ XAkivz^ + vyz) 
yeu z&^2k 

=-2"^^+ Y^ X 2 fc(Tr|^(y^^ + vyz)) 

yGU zG¥^2k 

= -2^^ + Y E ^‘ik{{y + y'^^'^)z^ + {y + y^^'^)vz) 

y&U zG¥^2k 

= -2“ + j; ^ X2U^‘(V + V^“+VV + V^“*%^)) 

yeu z&^2k 

= {N{v) - 1)2^'^, 

where N{v) denotes the number of y’s in U such that y + y'^^'^ + = 0, which is equivalent 

to 


y + y^ + y^v"^ + y ‘^v'^ = o, 


that is, 


{y + y ^)[l + v'^{y + y =0. 

Since u is a non-cubic element of F* 2 fe, we get 1 + v^{y + y~^)^ / 0. Hence y = 1 is the unique root. 
Thus N{v) = 1, and this completes the proof. □ 

Theorem 3.7. Let n = Ak. Then d = (1 + 2^^“^)(1 + 2^^) + 1 zs a CPP exponent over F 2 ™. To he 

specific, if a is a non-cubic element of¥*^ 2 k, then a~^x'^ is a CPP over ¥ 2 r^. 

Proof. It can be verified that gcd(d, 2^^ — 1) = 1. Thus, it suffices to prove that + ax is a PP for a 

non-cubic a G F* 2 fc. Since each nonzero a G F24i: can be written as a = for a unique fi G F* 4 j,, we 

have 

Y Xik{.oi{x’^ + ax)) = Y XAkiifix)’^ + I3'^~^afix) 

a;GF24fc 3;GF24fc 

= E Xikix^^ + fi‘^~^ax) 

X&2Ak 

xeF24fc 

Note that H(i+2^'')q, is also a non-cubic element of F* 2 fc. For each a G F* 4 j,, we have 

Y XAkiaix’^ + ax)) = Q, 

X&2‘ik 

by Lemma 13.61 This completes the proof. □ 


3.4 The fourth class of monomial CPPs 


In this subsection, we study the fourth class of monomial CPPs, where p is an odd prime, re = 4A; and 
d = ^^-2 - \- p . Let a; be a fixed primitive element of Denote the conjugate of x over by x, 

2k 

i.e. X = x^ . We also dehne the set S as follows: 

2k 

S := : 0 < t (5) 

We first recall two lemmas. 

Lemma 3.8. [lOj Let p be an odd prime and d|p” — 1. Let s be the least positive integer such that 
d\p^ + 1. For each 0 < j < d, define the set 

_ 1 

:= E F;„|0 < f 

1. In the case d is an even integer, and both + l)/d and d/2s are odd integers, we have 

p”; if a = 0, 

< (—1) 2 i+^(d — l)p 2 ; if a £Cd, 

2 

(—l)27p2; if a 0 Cd. 

V 2 

p"'; if o = 0, 

< (—— I)p' 2 ; if a e Co, 

_(-I)^p5; if a ^ Co- 


Xniax’^) = 

x£¥p7i 

2. In all the other cases, we get 

Y ^ri{ax^) = 

X£¥pn 


Lemma 3.9. [TO] Let d be an integer with gcd(d,p"' — 1) = 1. Suppose that there exists an integer i 
such that 0 < f < re and (d —p*)|(p” — 1). Choose an integer N such that {d — p^)N = 0 (mod p” — 1). 
Then 

1 

Y. Xn(^'‘ + ax) = -Y E 

X£¥prL 0 y£¥prL 

As a preparation, we have the following lemmas. 

Lemma 3.10. If a £ S with S defined as in then for some integer s. 

Proof. Assume to the contrary that for some integer s. Since ad = —I, we have 


re T 1 
re — I 


a — aa 
re + red 


1 — re 
1 T re 


( 


1 — a 
1 “h Cl 





It follows that 

2k 

^(2s+i)(p2fc+i) 

which is a contradiction. So we have for some integer s. □ 
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+ If a ^ S with S defined as in ([5]) 


4/c 1 

Lemma 3.11. Let p be an odd prime, n = 41 and d = ^ fi' 
then ExGFpn Xn{x^ + ax) = 0. 

Proof. By Lemma 13.91 we have 

2 Xnix‘^ + ax)= Xniy‘^ia + 1)) + Y Xn(y^(oW + 

yGWpTi y^F^n 

= Y Xn(y^(a + 1))+ Y Xn(y^((a - l)w)). 

J/GFpTi J/eFpn 

From Lemma [3.101 a — 1, a + lsCoora — 1, o + IgC'i. Then a direct application of Lemma ESI 
shows ExGFpn Xnix'^ + ax) =0. □ 

We now have the following theorem. 

Theorem 3.12. Let p be an odd prime and n = 4k. Then d = ^ Y + is a CPP exponent over 

Fpn. To be specific, if a € S with S defined as in (0), then a ^x’^ is a CPP over F^n, 

Proof. Since gcd{d,p'^ — 1) = 1, for each a € 5, the monomial a~^x^ is a PP over Fp^i. To finish the 
proof, it suffices to prove that x^ + ax permutes Fpn. 

The fact gcd(d, p" — 1) = 1 shows that each nonzero element a G Fpn can be represented as a = (5’^ 
for a unique fi G Fp„. Then 

Y Xn{oi{x^ + ax)) = Y Xn((/3x)‘^ + /3‘^"^a/3x) 

aiEFpTi a^GFpTi 

= Xn{x<^ + fi^-^ax) 

x^FpTi 

2k 

a^GFpTT. 

2k _j_.| 

Since /3^ 2 “i)a G S, it follows from Lemma [3.111 that for each a G F*™, we have 

Y Xnia{x‘^ + ax)) = 0. 

xGFpTi 

This completes the proof. □ 

4 A class of trinomial CPPs 

In this section, we consider a class of trinomial polynomials and show that they are CPPs. 

p27n_|_^ ifji 

Theorem 4.1. For any odd prime p, f{x) = —x + x 2 + x 2 p is a CPP over FpSm. 
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Proof. Note that 


J [X) + X = X 2 + X 2 


g{x 2 


) 


with g{x) = X + x^'^ . It follows that f{x) + a; is a PP over if and only if g{x) is so, since 

— 1) = 1. By Lemma \2M g{x) is a PP over F^sm, so f{x) + x is a PP. 

In the following, we show that f{x) is a PP over F^sm. Write h{x) := x + x^’"‘ — so 

that /(x) = h{x^ 2 ^ ). Since gcd(2—— 1) = 1, /(x) is a PP over F^sm if and only if h{x) is a 
PP over Fp3m. Note that h{0) = 0 and for x / 0, 


h{x) 


^l+p2rr, ^pmj_p2m _ ^l+p^ 

xP 


We first prove that h{x) = 0 if and only if x = 0. Suppose to the contrary that h{x) = 0 for some 
X / 0, that is, 

— X" 

Raising the above equation to the p^-th power and the p^”*-th power respectively, we obtain 

„2m I „2m 


pmj_p 2 m _ ^ Q 


X 


1+p” 


+ x^^P - = 0, 

^p-+p2m ^1+p- _ ^l+p2- ^ 


Adding the above two equations together, we deduce that 2x^~^p'^ =0. So x = 0, contradicting to the 
assumption that x G F* 3 ^. Thus h{x) = 0 if and only if x = 0. 

Next, we prove that h{x) = a has at most one nonzero solution for each a G F* 3 ^, that is 


has at most one nonzero solution for each a G F* 3 ^. Raising both sides of Eq. ([6]) to the power of p™ 
and respectively, we get 

x^+p”" _g = a^’^x, 

^p™+p2m ^i+p- _ ^ aP^'^xP"’. 


Adding the above two equations together, we obtain 

T+P"* _ „p 


2x^^P" =aP"x + aP -P 


,2m ^m 

xP 


Because x / 0, we have 2x^ = aP + qP x 

y‘' + a- 


2m —m_ 1 ~ . 1 

P . Setting y = -, we get 


,p"‘ _u nP^”"-p”"y - 2a~P"" = 0. 


(7) 

( 8 ) 


If Eq. ([5|) has at least two distinct nonzero solutions yi, y 2 in FpSm we get yi — y 2 G FpSm is a 
root of yP"" + aP^’^~P"^y = 0, and so a root of yP'^~^ + aP^^~P'^ = 0, contradicting to the fact that 
yP"^-^ _l_ gP ""-p"* _ g solution in FN^. Therefore, Eq. ([8|) has at most one nonzero solution in 

Fp3m. Hence h{x) = a has at most one nonzero solution for each nonzero a G Fp3m. 

To sum up, we have shown that h{x) is a PP, and thus /(x) is a PP. The proof is now complete. □ 
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5 Two classes of trinomial PPs 

It looks difficult to give a simple characterization of trinomial PPs over finite fields. In [5], the authors 
use different tricks including the multivariate method introduced by Dobbertin [?, [8] to construct 
several classes of trinomial PPs. In this section, we constrnct two classes of trinomial PPs over ¥ 2 ^ 
by similar techniqnes. 

Theorem 5.1. Let m > 1 be an odd integer, and write k = Then for each u G F^m, f{x) = 

x + u^'^ ^~^ + is a PP over¥ 2 m. 

Proof. Since gcd(2,2”* — 1) = I, we need only to show that h{x) = (/(x))^ = + 

+ -g pp y — ^ 

First, we prove that h{x) = 0 if and only if x = 0. Clearly, if x = 0, then h{x) = 0. Conversely, if 
there exists some x G F^m such that 

M^x^ + uy^ + uu^x'^y^ = 0, (9) 

raising both sides of Eq. ([9]) to the 2^-th power gives us 

ify'^ + u^x^ + ifu^x'^y^ = 0. 

Since gcd( 2 , 2”^ — 1) = 1, we have 

uy"^ + ux^ + nux^y"^ = 0 . ( 10 ) 

Adding Eq. ([9]) and Eq. (fTOjl together, we obtain 

u X + ux + uu X y + uux y = 0, (11) 

which can be factorized as ux^(l + ux^)^^^*" = 0. It follows that x^ = i.e., x = . But 

h{ ^ / 0, which is a contradiction. Hence h{x) = 0 if and only if x = 0. 

Next, if h{x) is not a PP, then there exist x G F^m and a G F^m such that h{x) = h{x + ax). Let 
b = a? . It is clear that a, 6 / 0,1. Since h{x) = h{x + ax), we have 

u^x^ + uy'^ + uvfy'^x'^ + l)x^ + u{b + l)^y^ + uv?{h + l)^y^(a + l)^x^ 

vf [a +1)“^ x"^ ’ 

which simplifies to 

Aix^y^ + A2y‘^ + Asx^ = 0, (12) 

with Ai = {of‘b‘^ + a^ + 6 ^ + b)uu, A 2 = ( 6 ^ + b)u, and A 3 = (6 + a^)u. 

We claim that A 1 A 2 A 3 7 ^ 0. If Ai = 0, we get (6 + l)^a^ = 6(6 + 1). Thus of = Raising both 
sides to the 2^-th power, we get 6 ^ = . Then 6 ^ = 6 , which leads to 6 = 0 or 1, a contradiction. 

So Ai 7 ^ 0. A similar discussion shows that A 2 , A 3 f 0. 

Raising both sides of Eq. p2p to the 2^-th power, we have 

AfxV + ^fy' + ^fx4 = 0. (13) 
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( 14 ) 


By Eq. (fT^ and Eq. (fTHI) . cancelling we get 

Bix'^ + B2X^ + i?3 = 0, 

where Bi = + AiA^ = {lA{a + / 0, B 2 = A^^~^ / 0, B3 = A^^^ ^ 0. 

Substituting = -^7 into Eq. (fT4]l . we obtain 


7 + 7 + = 0, 

where D = = Hi + Hf^ and Hi = • We also have 


(15) 


W.(Hi) = Tr^(^(^ 


Ai ^3 2fc+i 


( n , 2 , (a^ + fe)(a + ^)^ ^ 

= TV„((l+a +y) „2(„ + i)2t(t + i) j 


= Tr 

- -L-L-r 


— Tr 

— -Lin 


{a^ + b){a + bf ^ {a^ + b){a + bf ^ {a‘^ + b){a + b)^ \ 


a2(a +1)26(6 + 1) (a + 1)26(6 + 1) (o + 1)262(6 + 1) y 

a2 1 6^ a'^ 

4~ / . 1 \o 4~ 0 / ^\o/* 4~ 


+ 


(a+ 1)26(6+1) (a+ 1)2 o2(a + 1)2(6 + 1) (a+ 1)26(6 + 1) (a+ 1)2 


r + 


62 


+ 


+ 


+ 


(a+ 1)2(6 + !) (a+ 1)262(6 + 1) 6(a + 1)2 (« +1)2(6+!) 


— Tr 

— -Lin 


+ 


+ 


(a+ 1)26(6+1) 6(a + 1)2 (a + 1)2(6+ 1) 


+ TV, 


1 a2 

+ 


+ T17 

= 1 . 


62 


+ 


+ 


62 


(a+ 1)2 (a+ 1)2 

„4 


+ 


a2(a + 1)2(6 + 1) (a+ 1)26(6 + 1) (a+ 1)2(6 + !) (a + 1)262(6 + 1), 

Raising both sides of Eq. (I15p to the 2*-th power, 0 < i < d — 1, and then summing them up, we 

k-l 

=j + ^(Hi + Hf )2* = 7 + + TrM) = 7 + -Di + 1. (16) 

(17) 

(18) 


get 


It foiiows that 


i=0 


72'=+! = Dij + D. 


Combining Eqs. (fT^ . (fTU|l and (fT7D . we obtain 

Cij + C 2 = 0, 

where Hi = 2li^2^+2 ^ q C 2 = A^Bi 0. Thus 7 = ^- Then from Eq. (fT5]) . we get 

Hij42 + A1A2B2 = A^B^, 


13 



























which leads to 

b^{b^ + a'^) = + a^). 

Note that gcd(2,2™ — 1) = 1 whence 


a^lP' + + a^b + = 0 . 


Raising both sides of the above equation to the 2^-th power, we get 


+ a^ + + b^ = 0. 


It follows that 


b‘‘{a^ + b) = a'^{a^ + r) = {a'^ + a^b){a + b) = b^{l + a^){a + b). 


Then 


+ 1 


b = 


and raising both sides of the above equation to the 2^-th power, we deduce that 


a® + a'^ + o® + a® + + 1 = 0. 


Since + 1 is irreducible over F2, by Lemma 12.51 x® + x'^ + x® + x® + x^ + x^ + l 

is irreducible over F2"i. Hence a ^ F^m, which is a contradiction. This completes the proof. □ 

Theorem 5.2. Let m > 1 be an odd integer such that m = 2k — 1. Then f{x) = x + + 

^ 2 \ 2 ^- 2 >^+^+ 2 ^ F^^, is a PP over¥ 2 m. 

Proof. We first prove that f{x) = 0 if and only if x = 0. Let u = and y = Clearly, if x = 0 
then /(x) = 0. Conversely, suppose there exists some x G F^m such that 

x^y^ + uy^ + ux'^ = 0. (19) 

Raising both sides of the above equation to the 2^-th power, we get 

x^y^ + tt^y^ + ux^ = 0. (20) 

Multiplying both sides of Eq. (fT^ by x^, we obtain 

x^y^ + ux^y'^ + ux^ = 0. (21) 

Adding Eq. (1^ and Eq. (1^ together, we have 

ux^y^ + u^y^ = 0 . 

It follows that x^ = uy. So we have x = which leads to a contradiction since f{v?^ ^'’'^) = 

Wi ^ g xhus /(x) = 0 if and only if x = 0. 
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ofc 

Next, let a = . We will show that f{x) = a has a unique nonzero solution for each nonzero 

a G F 2 m. That is, for the equation 

+ u'lf' + ux"^ + axy^ = 0 , ( 22 ) 

there exists a unique solution x G Raising both sides of Eq. (122]) to the 2^-th power and 

multiplying Eq. (1221) by we get 

+ ux® + + ax^y = 0, (23) 

and 

x^y^ + ux^y^ + ux® + ax^y^ = 0. (24) 

Summing Eq. (I23|) and Eq. (I21|) . and dividing by y, we have 

u^y^ + ux^y'^ + ax^ + ax^y = 0. (25) 

Computing Eq. (f22]l -n+Eq. (1251) . and dividing by x, we obtain 

(o + uu)x^ + ax^y + ouy^ = 0. (26) 

Raising both sides of Eq. (126]) to the 2*^-th power, and then adding a-Eq. (f22]) . we have 

(a + uu^ + au)y + aax = 0. (27) 


Solving Eqs. (126]) and (j271) . we get 


Here, b = + uu^ + au and b = h'^^, 

proof. 


a^o? 

X = — 

bb ' 


( 28 ) 


which can be directly verified to be nonzero. This completes the 

□ 


6 Differential properties of power functions 

In this section, we consider the differential uniformity of monomial PPs. We first recall the basic 
definitions. 

Definition 6.1. Let F be a function from F2>i to ¥ 2 ^^. For any a G ¥ 2 ^, the derivative of F with 
respect to a is the function Da{F) from F2>^ into ¥ 2 ^ defined by 

Da{F{x)) = F{x + a) + F(x), x G F2". 

The resistance to differential cryptanalysis is related to the following quantities. 
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Definition 6.2. Let F be a function from ^2^1 into F2>^. For any a and h in F2'i, we denote 

S{a,b) = ti{x e¥ 2 ^\DaiF{x)) = b}. 

Then the differential uniformity of F is 

5{F) = maXa^o,feeF2n(5(a, 6). 

Remark 6.1. In the case F{x) = x'^ is a monomial, for any nonzero a € F2’^, the equation (x + a)'^ + 
x^ = b can be rewritten as a'^ ((| + = b. This implies that 6{a,b) = (5(1, 6/a'^). Therefore, 

for a monomial function, the differential properties are determined by the values <5(1, b), b G F2". From 
now on, we denote the quantity (5(1,6) by 6{b) for monomial functions. 

The following two lemmas can be found in [2], which will be used later. 

Lemma 6.1. [2] For a positive integer m and a,b £ ¥ 2 -^, a 0, the quadratic equation x'^ + ax + b = 0 
has solutions in ¥ 2 m if and only if = 0. 

Lemma 6.2. [2] For a positive integer m and a G F^m, the cubic equation + x + a = 0 has 

(1) a unique solution in F2"i if and only i/Trm(a~^ + 1) = 1; 

(2) three distinct solutions in¥ 2 ^ if and only ifpm{<i) = 0, where the polynomial pm{x) is reeursively 
defined by the equations pi{x) = P 2 {x) = x, Pk{x) = Pk-i{x) + x^ Pk- 2 {x) for k > 3] 

(3) no solution in ¥ 2 ^, otherwise. 

As a preparation, we have the following lemma. 

Lemma 6.3. Let n = 2m with m odd, b G F2" \ F2"* and y G F2"i \ F2. Then the number of solutions 
of the equation x"^ + y^(x^ + x + l)+x + l + 6 = 0 is 0 or 4. Moreover, if xq is a solution, then the 
other three solutions are given by xq + I, xi and xi + 1, where xi satisfies x^ + xi = Xq + xq + 1 + 

Proof. If xo is a solution of equation x^ + 2/^(x^ + x + l) + x + l + 6 = 0, then xq + 1 is also a solution. 
So we have 

x'^ + y^(x^ + X + 1) + X + 1 + 6 = (x^ + X + Xq + xo)(x^ + X + Xq + Xo + 1 + y^). 

Since Tr„(xQ + xq + 1 + y^) = 0, by Lemma [6T] the equation x^ + x + Xq + xq + 1 + y^ = 0 also has 2 
solutions and these two solutions are different from xq and xq + 1. Hence the number of solutions of 
the equation x^ + y^(x^ + x + l)+x + l + 6 = 0is0or4. The second part is obvious. □ 

We now state our result. 

Theorem 6.4. Let n = 2m with m odd and d = 2™'"*'^ + 3. Then F^ '. x ^ x^ is a permutation over 
F2n with 6{Fii) < 10. Moreover, for h G F2"i, we have 6{b) G {0,4}. 
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Proof. It can be verified that gcd(d, 2” — 1) = 1, so is a permutation. For each x G F2", let x := x^"". 
It is clear that x + x ^ ¥ 2 ^ and xx G F2m. We can then verify that 

Di{Fd{x)) = {x + 1)'^ + = (x^ + x)(x^ + X + 1) + 1 = (xx)^ + ((x + x)^ + l)(x + 1). 


Then it suffices to show that for any b G F2n, the equation Di{Fd{x)) 
Assume that 

= 6 has at most 10 solutions. 

(xx)^ + ((x + x)^ + l)(x + 1) = 6. 
Raising both sides of Eq. (I2^ to the 2'"-th power, we get 

(29) 

(xx)^ + ((x + x)^ + l)(x + 1) = b. 

Adding Eq. (1^ and Eq. (I30]l together, we have 

(30) 

((x + x)^ + l)(x + x) = 6 + 6. 

Setting y := X + X G F2"i and a := 6 + 6 G ¥ 2 ^, we obtain 

(31) 

y^ + y + a = 0. 

Replacing x = y + x into Eq. (|M]l , we have 

(32) 

x^ + y^(x^ + x + l) + x + l + 6 = 0. 

(33) 


Therefore, x is a solution of Eq. (|2^ if and only if it is a solution to following equations 

x^ + y^(x^ + x + l)+x + l + 6 = 0, 

< + y + a = 0, (34) 

x + x = y. 


Hence 6{Fd) F 12. Below, we consider the two cases where a = 0 and a ^ 0. 

Case 1: a = 0 

It is easy to see that b G F2"i and 0, 1 are solutions of Eq. (f32l) . We consider these two cases 
separately. 

(1) If y = 0, then x G ¥ 2 ”^- Thus Eq. (IM|i will become x^ + x + 1 = 6, which has either 0 solution 
or 2 solutions. And it has 2 solutions if and only if Trrn{b) = 1- 


(2) If y = 1, then Eq. (IMl) becomes 


x^ + x^ + 6 = 0, 
X + X = 1. 


(35) 


Since gcd(2, 2” — 1) = 1, equation x"^ + x^ + 6 = 0 is equivalent to x^ + x + 6^”" ^ = 0. Clearly 
it has 2 solutions by Lemma [6Tl Since 1 = x + x = ~ Trm(6^”" ) we get that 

Eq. ([55|1 has 2 solutions if and only if Trm(5) = 1. 
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Note that, for both cases, Eq. (1341) has two solutions if and only if Trm(^) = 1- Therefore, 
5(6) €{0,4}. 

Case 2: a / 0 

In this case it is obvious that b ^¥ 2 ^. and y ^¥ 2 - 

By Lemma [6l2l Eq. (1321) has 0, 1 or 3 solutions. We consider these cases separately. 


(1) If Eq. (|32]) has no solution, then 5(6) = 0. 


(2) If Eq. (1321) has one solution, say yo, then by Lemma 16.31 Eq. (f33]l has 0 or 4 solutions given 
by xii,xii + l,X2i and X21 + 1- However, we need xn + xT = yo holds for i = 1,2. Thus 
5(6) €{0,2,4}. 


(3) If Eq. ([32]) has three solutions, denoted by yi,y2 and y^. Then we have yi + y2 + ys = 0. For 
each yi, 1 < i < 3, by Lemma 16.31 there are 0 or 4 solutions for Eq. (I33p . So the total number 
of solutions for x is 0, 4, 8 or 12. 


(i) If the number of solutions for x is 0, 4 or 8, then the number of solutions to Eq. (I34p is at 
most 8. Thus 5(6) € {0,2,4, 6,8}. 

(ii) If the number of solutions for x is 12, that is, for each y,, 1 < i < 3, there are 4 solutions of 
Eq. ([33]) . Let the 12 solutions be {xij,Xij + l\i = 1,2,3; j = 1,2}, with yi corresponding 
to XjijXji + l,Xj2 and Xj2 + 1- If xn^xn + l,Xi2 and Xj2 + 1 are exactly the solutions of 
Eqs. (IMl) . we can easily get 


Xii + Xi 2 + (xii + Xj2)^ = 1 + yf, 

Xil + Xi2 € F 2 "*, 


(36) 


which means that the equation t^+t+l+y? = 0 has 2 solutions over F2’^. By Lemma f6.ll we 
have Trm(l+yi) = 0 so that Trm(yi) = 1- Therefore, if 5(6) = 12, then Trm(yi) = Trm(y2) = 
Trm(y3) = 1- However, 1 = Trm(yi) + Trm(y2) + T^miys) = "¥vm{yi + 2/2 + 2/3) = 0, which 
is a contradiction. So 5(6) < 10. 


Thus we obtain 5(Frf) < 10. 


□ 


Remark 6.2. For d = 2™ + we can obtain S{Ffi) < 10 in a similar way. In fact, with 

m = 2r — 1 and a := b + b, Eq. (I34p now take the following form 


x^ + (ay + l)x^ + ayx + (y^ + 1)6^ + 66 = 0, 
(y + l)x^’’ +x^ + yx + y + l + 6 = 0, 
y^ + (a + l)y^ + a?"" y + 0 ?^ = 0, 
X + X = y. 


(37) 


Hence 5(Fd) < 12. If b £ ¥ 2 ^, we can easily get 6(b) € {0,4}. If 6(b) = 12 for some 6 € F2n\F2m, 
we have Trm(ayi) = 1, and 1 = Trm(ayi) + Trm(ay2) + Trm(ay3) = Trm(a(a + 1)) = 0, which is a 
contradiction. 
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Hence we have the following result. 

Theorem 6.5. Let n = 2m with m odd and d = 2™ + + 1. Then : X ^ x'^ is a permutation 

over F2»^ with S{Fd) < 10. Moreover, for b G ¥ 2 ^, we have 6{b) G {0,4}. 

Remark 6.3. Here we give a concrete example to illustrate the idea of the proof Let w be a primitive 
element o/F2^, n = 10, d = 67, b = and a = b + b. Then Eq. (|3^ and Eg. (f33l) become 
+ y + a = 0 and + x + l) + x + l + 6 = 0 respectively. 


Solutions of 


Solutions of 

Solutions of 

y^ + y +a = 0 

Tlm(2/i) 

x^ + y^(x^ -|-x-|-l)-|-x-|-l-|-6 = 0 

Di{Fd{x)) = b 

yi = 

1 


w'XZ'o ^ 

y2 = 

1 



223 = 

0 


y^n^iy, y^34u 


In the above table, for a fixed element b, we obtain 3 solutions of Eq. (IMD, denoted by yi, y 2 and 
2/3. Eor each yi, by Eq. (p3]l we get 4 solutions. We need to determine whether they are satisfying 
x + x = yi. Since Tvmiys) = 0, there are at least 2 solutions which are not satisfying x + x = y^ (in the 
above example, and are not). However, for each yi, z = 1,2, we can not determine whether 
the 4 solutions are satisfying x + x = yi since Trm{yi) = TiCm{y 2 ) = 1 (in the above example, the four 
solutions corresponding to yi are not, while the four solutions corresponding to y 2 are). Therefore, in 
our proof we only can get 6{b) < 10, but in fact 6{b) = 6 for this example. Thus, we need to find more 
detailed conditions to characterize the solutions of the equation. 

7 Conclusion 

Permutation and CPPs have important applications in cryptography. This paper demonstrates some 
new results on permutation and CPPs. First, by using the AGW Criterion, we proved a conjecture 
proposed by Wu et al. |24] . Then we give three other new classes of monomial CPPs over finite fields 
and the main tool is additive characters over the underlying hnite helds. Moreover, a class of trinomial 
CPPs and two classes of trinomial PPs are also presented in this paper. Finally, for d = 2™+^ + 3 
or 2™ + 2^~ + 1, Blondeau et al. [3] conjectured that is differentially 8-uniform over F2", where 
n = 2m. We make some progress towards this conjecture and prove that the differential uniformity 
of x'^ is at most 10. It seems not easy to exclude the possibility that 6{b) = 10 for some b G F2"\F2m. 
We look forward to seeing further progress on this conjecture. 
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